normally performed by a licence server. The encrypted licence information is
contained in a licence token and is stored in a database 17 controlled by the
licence server 15. In contrast to the prior art where the server either grants
or denies the request after verifying the user's credentials, the server in
the preferred embodiment [...] correct licence token for the software
application and transmits [...] A licence access module attached to the
application decodes the token. Routines in the licensing library coupled to
the software application verify the licence information before issuing the
licence and updating the token. The access module then encodes the updated
token before returning it to the server. Because the verification and issuing
function of a token are performed by a software application, the application
rather than the server becomes the [...] Reverse engineering the access module
is less rewarding than attacking the server because [...] of a database of
licences.
METHOD FOR PROTECTING AGAINST THE UNAUTHORIZED USE
OF SOFTWARE IN A COMPUTER NETWORK ENVIRONMENT

BACKGROUND OF THE INVENTION

1. FIELD OF THE INVENTION

The present invention relates to a method for protecting against
the unauthorized use of a software application in a computer network
environment.

2. ART BACKGROUND

A computer network is typically an interconnection of machines or
agents over links or cables. The open access characteristics of a computer
network present opportunities for the unauthorized copying of software, thus
eroding the licensing revenue potential of software developers. Traditionally,
either the entire network must be licensed (commonly referred to as a site
license), or each node where the software is run must be licensed (commonly
referred to as a node license). A node refers to a single machine, agent or
system in a computer network. A license is an authorization given by a
software developer to a customer to use a software application in a specific
manner.

A site license lets all users at a designated location or network
use the software application, regardless of their position on the network. This
flat-fee approach is an overkill for a low usage software application. A node
license not only ties a software application to a particular machine in a
network, but also is not cost effective for the infrequent use of a software
application. See, for example, U.S. Patent No. 4,688,169. Furthermore, if new
users of licensed nodes wish to use the software application, they are often
required to purchase additional licenses.

An alternative to a site license or a node license is the concept of
a concurrent usage license. A concurrent usage license restricts the number
of users allowed to use a software application at any given time, regardless of
their location on the network. Just as renters check out available copies of a
movie video from a video rental store, users on a network check out a software
application from an agent on a first-come-first-serve basis. Thus, a concurrent
usage license charges a fee for the use of a software application proportional
to its actual use.

Methods to license a software application for concurrent use in a
network environment are currently offered by Highland Software, Inc. and
Apollo Computer, Inc. See M. Olson and P. Levine, "Concurrent Access
Licensing", Unix Review, September 1988, Vol. 6, No. 9. In general, the
license for a software application is stored in a database controlled by a
license server. A license server is a program that not only stores the license,
but also verifies the user's credentials before checking out the license to the
authenticated user. To protect against the unauthorized use, these methods to
license concurrent usage rely on secured communications such as
public/private key encryption. Under public/private key encryption, each user
of the system has two keys, one of which is generally known to the public, and
the other which is private. The private transformation using the private key is
related to the public one using the public key but the private key cannot be
computationally determined from the public key. See Denning, D.,
Cryptography and Data Security, Addison-Wesley, 1982. The encryption key
is hidden in the license server to encrypt the database of licenses. Well
designed public/private key encryption schemes are difficult to crack,
especially if the license server is located in a trusted environment. A trusted
environment is one whose access is limited to users having the proper
credentials. However, a license server is more likely to be located at a
customer's site and hence in a hostile environment. It follows that the license
server is vulnerable to sophisticated intruders. Once the private key is
decrypted, all sensitive information on the license server such as licenses are
compromised.

It is therefore an object of the present invention to provide a more secure
method to protect against the unauthorized use of software in a concurrent use
licensing environment.
The present invention provides to the software application the
verification and license check out functions which are normally performed by a
license server. The preferred embodiment of the present invention comprises a
computer network including a plurality of agents running at least one license
server and at least one software application. The license server controls a
database of an agent containing the license information for the software
application. The license information is contained in a license token, and is
stored in the database controlled by the license server. The license token is a
special bit pattern or packet which is encrypted by the software vendor of the
application software. The software application communicates with the license
server through a licensing library. The licensing library is a collection of
library routines that the software application invokes to request or renew a
license from the license server. Before a software application obtains a
license, the license token must be decoded by a license access module. The
license access module, which is linked with the software application and the
licensing library, is a program that decodes the license token from a vendor
specific format to a licensing library format.

When a user wishes to run a software application, the licensing library
invokes a call to request a license token from the license server. In contrast
to the prior art where the license server either grants or denies the request
after verifying the user's credentials, the license server in the preferred
embodiment of the present invention finds the correct license token for the
software application and transmits the license token to the licensing library.
The license access module attached to the licensing library decodes the
licensing token. Routines in the licensing library coupled to the software
application verify the license information before checking out the license and
updating the license token. The license access module encodes the updated
license token before returning it to the license server.
Because the verification and check out function of a license token are
performed by a software application, the software application rather than the
license server becomes the point of attack by unauthorized users. Reverse
engineering the license access module is less rewarding than attacking the
license server because the license access module reveals the contents of a
fraction of a database of licenses. By the time most attackers crack the
license access module, the software vendors would most likely introduce newer
versions of the software application and new license access modules for them.
Thus the present invention provides a more secure method for protecting
against the unauthorized use of a software application in a computer network
environment without modifying the underlying computer network.
BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 illustrates a network environment employing the present
invention.

Figure 2 describes the architecture of a network licensing scheme
employing the preferred embodiment of the present invention.

Figure 3 describes the installation of a license token in the preferred
embodiment of the present invention.

Figure 4a illustrates the use of a license token to request a license from
a license server in the preferred embodiment of the present invention.

Figure 4b illustrates the use of a license token to renew a license from
a license server in the preferred embodiment of the present invention.

Figure 4c illustrates the use of a license token to release a license from
a license server in the preferred embodiment of the present invention.



NOTATION AND NOMENCLATURE

The detailed description that follows is presented largely in terms of
algorithms and symbolic representations of operations on data bits and data
structures within a computer memory. These algorithmic descriptions and
representations are the means used by those skilled in the data processing arts
to most effectively convey the substance of their work to others skilled in the
art.

An algorithm is here, and generally, conceived to be a self-consistent
sequence of steps leading to a desired result. These steps are those requiring
physical manipulation of physical quantities. Usually, though not necessarily,
these quantities take the form of electrical or magnetic signals capable of being
stored, transferred, combined, compared, and otherwise manipulated. It proves
convenient at times, principally for reasons of common usage, to refer to these
signals as bit patterns, values, elements, symbols, characters, data packages,
or the like. It should be borne in mind, however, that all of these and similar
terms are to be associated with the appropriate physical quantities and are
merely convenient labels applied to these quantities.

Further, the manipulations performed are often referred to in terms, such
as adding or comparing, that are commonly associated with mental operations
performed by a human operator. No such capability of a human operator is
necessary, or desirable in most cases, in any of the operations described
herein that form part of the present invention; the operations are machine
operations. Useful machines for performing the operations of the present
invention include general purpose digital computers or other similar devices. In
all cases there should be borne in mind the distinction between the method of
operations in operating a computer and the method of computation itself. The
present invention relates to method steps for operating a computer in
processing electrical or other (e.g. mechanical, chemical) physical signals to
generate other desired physical signals.
The present invention also relates to an apparatus for performing these
operations. This apparatus may be specially constructed for the required
purposes, or it may comprise a general purpose computer as selectively
activated or reconfigured by a computer program stored in the computer. The
algorithms presented herein are not inherently related to any particular
computer or other apparatus. In particular, various general purpose machines
may be used with programs written in accordance with the teachings herein, or
it may prove more convenient to construct a more specialized apparatus to
perform the required method steps. The required structure for a variety of these
machines will appear from the description given below.
DETAILED DESCRIPTION OF THE INVENTION

The following detailed description is divided into several sections. The
first of these sections describes a general network environment for accessing a
database of licensed software programs. Subsequent sections discuss the
details of a method for protecting against the unauthorized use of a software
application.

I. General Network Environment

Referring to Figure 1, computer network environment comprises a
plurality of data processing devices identified generally by numerals 10
through 10^n (illustrated as 10, 10' and 10^n). These data processing devices
may include terminals, personal computers, workstations, minicomputers,
mainframes and even supercomputers. For the purposes of this Specification,
all data processing devices which are coupled to the present invention's
network are collectively referred to as "agents". It should be understood that
the agents may be manufactured by different vendors and may also use
different operating systems such as MS-DOS, UNIX, OS/2, MAC OS and
others. Particular examples of suitable agents include machines manufactured
by Sun Microsystems, Inc., Mountain View, Calif. Each of the agents has an
input device such as a keyboard 11, 11' and 11^n or a mouse 12, 12' and
12^n. As shown, agents 10 through 10^n (illustrated as 10, 10' and 10^n) are
interconnected for data transfer to one another by a common cable 13. It will be
appreciated by one skilled in the art that the common cable 13 may comprise
any shared media, such as coaxial cable, fiber optics, radio channel and the
like. Furthermore, the network resulting from the interconnection of the cable
13 and agents 10 through 10^n (illustrated as 10, 10' and 10^n) may assume a
variety of topologies, such as ring, star, bus, and may also include a collection
of smaller networks linked by gateways or bridges.
Referring again to Figure 1 is a license service 14. The license
service 14 is a resource shared by every agent connected to the network. In
the preferred embodiment of the present invention, the license service 14
comprises license servers 15 through 15^m (illustrated as 15, 15' and 15^m)
and databases 17 through 17^m (illustrated as 17, 17' and 17^m), where m is
less than or equal to n. A license server is a program that runs on an agent with
a memory storage capability. Each license server 15 (illustrated as 15, 15'
and 15^m) communicates with a database 17 stored in memory on the agent
over an interface 16 (illustrated as 16, 16' and 16^m). As will be described in
detail below, the database 17 stores licensing information for various software
applications which are purchased and authorized to run in the computer
network environment. The license server is not limited to run on a specific
agent, but can operate on any agent including the agent on which the user is to
operate the application. Thus, any agent connected to the network may
function as a license server as well as a device on which a user may operate
application software. As will be described below, the license server does not
perform verification of licenses of application software; rather the license server
is passive and provides storing, locking, logging, and crash recovering
function for the application software.

Figure 2 illustrates the architecture of a network licensing scheme of
the present invention. The architecture comprises a database 18, database
interface 19, license server 20, licensing library 24, license access module
27, license administration tool 21, license service binder 29, and license
production tool 34.

The database 18 stores licensing information and application usage
data. Preferably the database 18 comprises a plurality of records which
contain the following information:
Database Element                  Description

Unique Key Table                  Keys for all other tables
Vendor Table                      Vendor's ID and name
Product Table                     Product number and name
Version Table                     Version number and date
License Table                     License #, exp date, total units
License Token Table               Stores encoded license token
Unit Group Table                  A group's allocation of license
Group List Table                  Name of the group
Allowed Users Table               Credentials of allowed users
Current License Use Table         Applications using a license
Lock Table                        Locked records in database
Authorized Administrator Table    Login names of administrators
License Operation Log Table       Administrator's log information
License Usage Log Table           Request handle plus Client Log
License Queue Log Table           License wait queue
Application Message Log Table     Application specific messages



A database interface 19 provides communication between the license
server 20 and the database 18 in order to prevent concurrent access to the
same database record by multiple users which can cause the data in the
record to become corrupted. Thus, only the owner of the lock can read from
and write to the locked record during the usage of the application.

The license server 20 operates on an agent and interfaces the database
18 to license administration tool 21, licensing library 24 and license service
binder 29. The license server 20 communicates with the license
administration tool 21, licensing library 24 and license service binder 29 via
an interface 23. Preferably the interface 23 is a remote procedure call
mechanism which permits a process operating on one device or agent
connected to the network to request a resource or service from a remote device
or agent connected to the network. See A. Birrell and B. Nelson, "Implementing
Remote Procedure Calls", ACM Transaction on Computer Systems, February
1984, Vol. 2, No. 1.

Multiple license servers may reside on multiple agents. Preferably the
license server 20 operates in a background mode of the agent such that its
operation is transparent to a user of that agent. More particularly, as will be
described below, the license server 20 provides the following functions: (1)
servicing the requests from the licensing library 24 for license token; (2)
maintaining a wait queue for requests to the database 18 when no license
units are available; (3) generating locks for exclusive access to database
18; and (4) providing access to information in the database 18.

The licensing library 24 is a set of library routines which enable the
application 26 to request licensing service from the license server 20. Upon
receiving the request for service from the licensing library 24, the license
server 20 retrieves a license token from the database 18 and transmits it to the
licensing library 24. The licensing library 24 is linked with the application 26
and communicates with the license server 20 over a path 28 with, preferably,
a remote procedure call mechanism 23. Among the major library calls in the
licensing library 24 is the application's request for a license from the license
server 20. Other important library calls include the request to renew and to
release a license. The use of the license token to accomplish the request for
the various licensing service will be described in detail below.

The license access module (LAM) 27 is prepared by the software
vendor 24 to decode the license token. Once decoded, the application 26 via
routines in the licensing library verifies the licensing information in the license
token and determines whether a license may be checked out. The LAM 27
also encodes the license token before the application returns it to the database
18 via license server 20. The license access module 27 is described in
further detail below.

The license administration tool 21 is utilized by the network administrator
to perform administrative functions relevant to the concurrent usage of a
software application. The license administration tool 21 may run on any agent
connected to the computer network. The license administration tool 21 is
primarily used to install the license token into the database 18 through the
license server 20. The functionality of the license administration tool 21
includes: (1) starting or terminating a license server; (2) accessing a database
controlled by a license server; and (3) generating and printing reports on
license usage.

The application 26 may not access the database 18 directly; rather, the
request for a license is made through the licensing library 24 to the license
server 20 over a path 28. Most network licensing schemes employ secured
communication between the licensing library 24 and the license server 20. In
contrast, the present invention uses the license access module (LAM) 27, the
license library 24 and a plurality of license tokens to protect against the
unauthorized use of software application in a computer network.

Referring once again to Figure 2, a license service binder 29 is shown
coupled to the license server 20 over a path 30. The license service binder
29 is invoked by means known in the art such as a network service program.
The license service binder 29 locates all agents that are designated as servers
on the network, and keeps track of which server is servicing which application.
The license service binder 29 contacts each server on its table of available
servers and requests a list of products it serves. Finally the license service
binder 29 writes the contents of the table of available license servers and the
list of products into a binding file 32 over a path 31. In Figure 2, the binding
file 32 is coupled to the licensing library 24 over a path 33. The application 26
queries the binding file 32 to see which license server can service its request
for a license.

A license production tool 34 is used by the software vendor to create a
license token for transmittal to the network administrator. Receiving the license
token, the network administrator installs it with the license administration tool 21
into the database 18 through license server 20.

II. License Token

Referring to Figure 3, the creation of a license token in a computer
network employing the preferred embodiment of the present invention will be
described. A computer network 38 is shown coupled with a license
administration tool 39 and a single license server 44. The license server 44
communicates with a database 45. Applications 41, 42, and 43 are shown
requesting licensing service from the license server 44. When a customer
purchases a license for an application, such as a CAD/CAM program for its
research and development department, the software vendor creates a license
token with a license production tool, and delivers the license token to the
customer's network administrator. A license token is a special bit pattern or
packet representing a license to use a software application. The network
administrator installs the license token 46 into the database of the license
server using the license administration tool 39. Unlike the token used in a
token ring which is passed from agent to agent, a license token in the preferred
embodiment of the present invention is passed only between a license server
and a licensing library for a predetermined amount of time. The predetermined
amount of time corresponds to the time the license token is checked out of the
license server. Currently, the license token is checked out to an application for
no more than ten seconds, and the license token is returned as quickly as
possible to the issuing license server. The license token 46 contains
information encrypted in the vendor's format such as vendor identification,
product and version numbers as well as the number of license units purchased
for the license token. A license unit corresponds to the license weighting for an
agent connected to the computer network. For example, powerful workstations
could require more license units to use a software application than an average
personal computer.

The software vendor produces a license token using a license
production tool 40. A path 47 illustrates how a license token 46' makes its
way to a license administration tool 39 at the customer's site. There, the
system administrator installs the license token 46' as license token 46 into the
license database 45 of the license server 44. A path 48 indicates the transfer
of the license token 46' from the license administration tool 39 to the license
server 44 and into the database 45 as license token 46. The license server
44 is now ready to entertain requests from applications 41, 42, and 43 for a
license to use the application corresponding to token 46 as well as other
applications represented in its database 45.

It should be understood that each network may have a plurality of
license servers and each license server may have in its database a plurality of
license tokens for a variety of software applications. Referring again to Figure
3, if application A 41 requests and checks out the license token 46 for less
than ten seconds, applications B and C 42, 43 would be unable to check out
the license token 46 if their requests were made during the same time
application 41 is checking out a license from the license token 46 because of
the locking mechanism provided by database interface 19. Thus, to achieve
concurrent license usage in network 36, it is preferred that the network
administrator installs more than one license server. To minimize the task of
recovering from license server crashes, it is also preferred that the system
administrator spreads the license units for any one application among a
plurality of strategically located license servers. For instance, if a network has
four license servers, the network administrator may want to allocate the twenty
license units for a particular popular application among four license tokens with
five license units for each license token. In the event one license server
crashes or the license token is checked out, the other three license servers
may provide licensing service to other applications.

Figure 4a illustrates the use of a license token to request for a license.
As shown, a network 50 is provided, and is coupled to Applications 52, 54
and 56 respectively. Application 56 succeeded in requesting a license token
from the license server 58 in step 59. The license token is transmitted to
application 56 in step 60. When done, Application 56 returns the license
token to the license server 58 in step 61. Aside from the license request
function performed with the license token as shown in Figure 4a, the license
token is also used in other critical stages of the licensing process. For
example, a user may wish to run an application beyond the initial allocated
time. As shown in Figure 4b, Application 68 makes a license renewal
request 71 from the license server 70 with license token 72. Similarly, in
Figure 4c the user makes a license release request 83 when the application
no longer needs the license units. As such, the [...] updates the license token
84 by returning the updated license token to the license server 82 in step 85.

III. License Access Module

In Figure 2, a license access module (LAM) 27 is linked with the
application 26 and the licensing library 24 to form the executable code that
software vendors ship to the customers. The license access module 27
decodes and encodes the encrypted license token as it is being passed
between the license server and the licensing library 24. Thus the level of
security of an application from unauthorized use depends heavily upon how
secure the license access module is.

Conventional network licensing schemes use public/private key
encryption to encode sensitive information. Such a scheme is effective if the
license server is in a trusted environment. However, the customer has the
same access to any agent in a network, including the license server. The
security of the licensing scheme can be compromised by a user who decrypts
the license server's private key. Once the unauthorized user determines the
server's private key, he can decrypt all sensitive information on the license
server. Should all license servers use the same key, as is frequently done,
then all the security of the applications served by all the license servers will be
compromised.

The license access module 27 first translates a license token from a
vendor specific format to a format usable by the licensing library 24. The
license access module accomplishes the translation in two modules. One
module translates or decodes a license token from a vendor specific format to
the licensing library format. The second module translates or encodes the
updated license token from the licensing library format to the vendor specific
format. The second module is invoked anytime the licensing library updates the
information in a license token.

Upon receiving the license token in the licensing library format, the
licensing library invokes routines which verify the correctness of the license by
reviewing the following license information stored in the token: (1) flag, (2)
maintenance contract date, (3) host name and domain, (4) product name, (5)
host id number, (6) license serial number, and (7) expiration date of license.
This is compared to the information maintained by the application. If the
information matches, the license is verified. After completing the verification
process, a routine in the licensing library is initiated which checks out the
license by decrementing the license units in the license token by the number of
licensing units being checked out.

The decoding and encoding routines allow software vendors to
implement their own security mechanism to protect their licenses from
unauthorized use even though they reside at the customer's site.
Below is an example of a sample application using the licensing library
and the license access module written in C language:

    #define LIC_RENEWAL_TIME (60)      /* set renewal time for this session */
    #define EST_LIC_RENEWAL_TIME (LIC_RENEWAL_TIME * .9)

    NL_vendor_id NL_Vendor_id = 1223;  /* set vendor # */
    NL_prod_num  NL_Prod_num = "02";   /* set product # */
    NL_version   NL_Version = { "12/20/88", "1.0" };  /* set version id # */

    status = NL_init (vendor_id, NULL, &job_id);  /* initialize license service */
    if (status != NL_NO_ERROR)         /* accept job id if no error */
    {
        fprintf (stderr, "nl_init failed - error = %d\n",
                 status);              /* error message if error and return */
        return;
    }

    units = 3;
    code_funcs.encode_p = nl_encode;   /* pointer to encode function */
    code_funcs.decode_p = nl_decode;   /* pointer to decode function */
    if (signal (SIGALRM, alarm_intr) == (void *) -1)  /* set alarm if no error */
    {
        perror ("Cannot set SIGALRM"); /* otherwise, error message */
        return;
    }

    status = NL_request (job_id, NL_Prod_num,     /* request a license */
                         &NL_Version,
                         units, LIC_RENEWAL_TIME, NL_L2_SRCH,
                         &code_funcs, NULL,
                         &req_handle, NULL, &app_info);
    if (status != NL_NO_ERROR)         /* no error, license checked out
                                          from license server */
    {
        fprintf (stderr, "nl_request failed - error = %d\n",
                 status);              /* otherwise, error message */
        return;
    }

    /*
     * We got a license: license request successful
     */
    alarm (EST_LIC_RENEWAL_TIME);      /* set alarm for license renewal time */

    /* ... application runs ... */

    status = NL_release (req_handle);  /* request to release a license */
    if (status != NL_NO_ERROR)
    {
        fprintf (stderr, "nl_release failed - error = %d\n",
                 status);              /* otherwise, error messages */
        return;
    }

    int
    alarm_intr ()
    {
        status = NL_confirm (req_handle,          /* renew licensing unit with
                                                     licensing server */
                             LIC_RENEWAL_TIME, NULL);
        /*
         * Verify vendor private information
         */
        if (status != NL_NO_ERROR)
            fprintf (stderr, "nl_confirm failed - error = %d\n",
                     status);          /* otherwise, error message */
        else
            puts ("license renewed");  /* successful license renewal */
    }
The sample application given above is accompanied by self-explanatory
annotation in the right margin of the code. Of particular interest
are code_func.encode_p and code_func.decode_p. Encode_p and decode_p
are pointers to the software vendor's encode and decode routines,
respectively. Taking the pointers in the code_func variable, the licensing
library can use the pointers to invoke the decoding and encoding routines in
the license access module. The three major licensing library routines, request
for a license (NL_request), release a license (NL_release) and renew a license
(NL_confirm), invoke the decoding and encoding routines. For an example of a
license access module, see Appendix 1.

In implementing the license access module, the license server becomes
merely a repository for license tokens. The licensing library coupled to the
application performs the procedure of authenticating the license token prior to
granting a license and therefore access to run the application.
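The decode, verify, update and encode round trip described above, as an added example that is not code from this document or from the licensing library it describes. The token layout, the toy XOR coding, the FNV-1a integrity word and the names token_t, toy_encode, toy_decode, lib_request and demo are assumptions made for illustration; only the encode_p/decode_p pointer pair follows the sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical token layout; the page does not define one. */
typedef struct {
    uint32_t vendor_id;      /* compared with the application's vendor id */
    char     prod_num[4];    /* product number, e.g. "02" */
    uint32_t units_free;     /* license units still available */
    uint32_t check;          /* integrity word over the fields above */
} token_t;
/* Plays the role of code_funcs in the sample: pointers to the vendor's routines. */
typedef struct { void (*encode_p)(token_t *); void (*decode_p)(token_t *); } code_funcs_t;
static const uint8_t KEY[4] = { 0x5a, 0xc3, 0x17, 0x88 };   /* constructed secret */

static uint32_t checksum(const token_t *t) {      /* FNV-1a over the payload */
    const uint8_t *p = (const uint8_t *)t;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < offsetof(token_t, check); i++) h = (h ^ p[i]) * 16777619u;
    return h;
}
static void xor_token(token_t *t) {    /* toy coding, a stand-in, not secure */
    uint8_t *p = (uint8_t *)t;
    for (size_t i = 0; i < sizeof *t; i++) p[i] ^= KEY[i % sizeof KEY];
}
void toy_encode(token_t *t) { t->check = checksum(t); xor_token(t); }
void toy_decode(token_t *t) { xor_token(t); }

/* Library side: decode, verify, check out units, re-encode for the server.
 * Returns units left, or -1 tampered, -2 wrong vendor/product, -3 no units. */
int lib_request(token_t *wire, const code_funcs_t *cf,
                uint32_t vendor_id, const char *prod_num, uint32_t units) {
    token_t t = *wire;
    cf->decode_p(&t);
    if (t.check != checksum(&t)) return -1;
    if (t.vendor_id != vendor_id || strncmp(t.prod_num, prod_num, 4)) return -2;
    if (t.units_free < units) return -3;
    int left = (int)(t.units_free -= units);
    cf->encode_p(&t);                 /* token goes back to the server encoded */
    *wire = t;
    return left;
}

/* Constructed scenario: the server holds an encoded token with 5 free units. */
int demo(uint32_t vendor_id, uint32_t units, int tamper) {
    code_funcs_t cf = { toy_encode, toy_decode };
    token_t wire = { 1223, "02", 5, 0 };
    toy_encode(&wire);                        /* as stored in the server database */
    if (tamper) ((uint8_t *)&wire)[8] ^= 1;   /* one bit changed in units_free */
    return lib_request(&wire, &cf, vendor_id, "02", units);
}
```

Both the key and the coding routines live in the application binary here, which is the sense in which the access module, not the server, sets the level of security.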

Because the level of security of the system is dictated by the license
access module, the software vendors are free to make the license access
module as simple or as complex as they desire. In particular, they are free to
adopt any of the encryption schemes as part of their encryption routines. If the
security mechanism is broken, and the encryption known to others, then the
software vendors can easily remedy the situation by releasing a new version of
the product with a new license access module.

While the present invention has been particularly described with
reference to Figures 1-4 as well as Appendix 1, and with emphasis on certain
language in implementing a method to protect against the unauthorized use of
software application in a computer network environment, it should be
understood that they are for illustration only and should not be taken as
limitation upon the invention. In addition, it is clear that the method of the
present invention has utility in any application run in a computer network
environment. It is contemplated that many changes and modifications may be
made, by one skilled in the art, without departing from the spirit and scope of
the invention disclosed above.

CLAIMS

1. In a computer network environment including a
plurality of software applications licensed to run on at 
least one network of agents, said applications located on 
said agents wherein use of the application on a particular 
agent is permitted upon the grant of a license, said 
license being requested by a user from said agent of said 
applications, a system for protecting against the 
unauthorized use of said applications comprising: 

license token means for storing licensing 
information of said applications; license server means 
connected to said agents for communicating with said 
applications, said license server means having a database 
which stores said license token means, said license server 
means further retrieving said license token means from 
said database upon a request for a license by said 
applications, said license server means further 
transmitting said license token means to said 
applications;

license access means connected to said agents 
for decoding and encoding said license token means from
said license server means, said license access means being 
integrated with said applications, said license access 
means receiving said license token means from said license 
server means; and 

licensing library means connected to said agents 
for verifying said decoded license token means before 
access to said license is granted, said licensing library 
means being integrated with said applications.

2. The system as defined in claim 1, wherein each 
said license token means containing licensing information 
for at least one version of each said applications.

3. The system as defined in claim 1, wherein the
contents of said license token means is encrypted.

4. The system as defined in claim 1, wherein said
license token means is passed between said license server
means and said licensing library means for a predetermined
time period.

5. The license token means as defined in claim 4,
wherein during said predetermined time period, only one
said applications may check out one said license token 
means. 

6. The system as defined in claim 1, wherein said
license server means receives said request for a license
from said applications, said license server searches in 
said database for a license token means storing the 
license requested by said application before retrieving 
said license token means. 

7. The system as defined in claim 1, wherein said 
license access means decodes the contents of said license 
token means before said licensing library means verifies 
said license token means. 

8. The system as defined in claim 1, wherein said 
license access means encodes said license token means 
after said licensing library verifies said license token 
means and prior to returning said license token means to
said license server means. 

9. The system as defined in claim 1, wherein said 
licensing library verifies said license token means by
comparing the licensing information stored in said license
token means with the licensing information maintained by
said application.

10. The system as defined in claim 1, wherein said
licensing library means checks out said license of said
application in response to a positive comparison of the
license information.

11. The licensing library means as defined in claim
10, wherein said license for said application being
checked out after said licensing library verifies said 
license token means. 

12. In a computer network environment including a
plurality of software applications licensed to run on at
least one network of agents, said applications located on
said agents wherein use of the application on a particular
agent is permitted upon the grant of a license, said
license being requested by a user from said agent of said
applications, a system for protecting against the
unauthorised use of said applications comprising: 

license token means for storing licensing 
information of said applications; 

license server means connected to said agents 
for communicating with said applications, said license
server means having a database which stores said license
token means, said license server means further retrieving
said license token means from said database upon a request
for a license by said applications, said license server
means further transmitting said license token means to
said applications;

license access means connected to said
application and accessible from said agents for decoding
and encoding said license token means from said license
server means, said license access means being integrated
with said applications; 

licensing library means connected to said 
application and accessible from said agents for verifying 
said decoded license token means before access to said 
license is granted, said licensing library means being
integrated with said applications; and 

license binding means connected to said license 
server means and to said licensing library means for 
constructing a binding file, said binding file informing 
said licensing library means which of said license server 
means may grant a license to said application.

13. The system as defined in claim 12, wherein said
licensing library means are located on the same agents as
said applications.

14. The system as defined in claim 12, wherein said
license server means are located on the same agents as said
licensing library means.

15. The system as defined in claim 12, wherein each
said license token means contains licensing information
for at least one version of each of said applications.

16. The system as defined in claim 12, wherein the
contents of said license means is encrypted.

17. The system as defined in claim 12, wherein said
license token means is passed between said license server
means and said licensing library means for a predetermined
time period.

18. The license token means as defined in claim 17,
wherein, during said predetermined time period, only one
of said applications may check out one said license token 
means. 

19. The system as defined in claim 12, wherein said
license server means further transmit said license token 
means to said licensing library means. 

20. The system as defined in claim 12, wherein said 
license access means decodes the contents of said license 
token means before said licensing library means verifies 
said license token means. 

21. The system as defined in claim 12, wherein said 
license access means encodes said license token means 
after said licensing library verifies said license token 
means and prior to returning said license token means to 
said license server means. 

22. The system as defined in claim 12, wherein said 
license binding means constructs said binding file by 
contracting each said license server means to request for 
a list of applications it serves, said binding file 
containing said list of applications available from said 
license server means. 

23. In a computer network environment including a 
plurality of software applications licensed to run on at 
least one network of agents, said applications located on
said agents wherein use of the application on a particular
agent is permitted upon the grant of a license, said
license being requested by a user from said agent of said
applications, a system for protecting against the
unauthorised use of said applications substantially as 
hereinbefore described with reference to the accompanying 
drawings.